Managing S3 access keys
An S3 user is created with one access key pair: an access key and a secret key. It is recommended to periodically delete old access key pairs and generate new ones. Enabling and disabling access keys allows or prohibits access to user data using these keys. When you delete an access key, it cannot be retrieved.
Limitations
- An S3 user can have up to two key pairs.
- The last access key pair cannot be deleted.
To copy S3 access key pairs for an S3 user
- Open the Storage services > S3 > Users screen, and then select a user.
- On the user right pane, browse the S3 access keys section:
  - To copy an access key ID, click the copy icon next to the key.
  - To copy a secret access key, click the ellipsis icon next to the key, and then click Copy secret access key.
To add an access key pair for an S3 user
Admin panel
- Open the Storage services > S3 > Users screen, and then select a user.
- On the user right pane, browse the S3 access keys section and click Create.
- In the Create S3 access key window, optionally specify a name for the key, and then click Create.
Command-line interface
Use the following command:
vinfra service s3 self-service user keys add [--domain <domain>] [--user <user>] [--access-key <key>] [--secret-key <secret>] [--name <friendly-name>]
--domain <domain>
- Domain name or ID
--user <user>
- Domain user name or ID
--access-key <key>
- Access key ID
--secret-key <secret>
- Secret key
--name <friendly-name>
- A friendly name for the key
For example, to add an access key pair for the S3 user user1 in the domain domain1, run:
vinfra service s3 self-service user keys add --domain domain1 --user user1 --name new
You can check the user access keys in the vinfra service s3 self-service user show output:
# vinfra service s3 self-service user show --domain domain1 --user user1
+---------+----------------------------------------------------------------+
| Field   | Value                                                          |
+---------+----------------------------------------------------------------+
| arn     | arn:aws:iam::dff4158faaa848ac92b7284fc011b72f:fef81edf9cbf754b |
| enabled | True                                                           |
| keys    | - acc_key: fef81edf9cbf754bO22W                                |
|         |   acc_secrete: VgI3Mn4UEuJI4PxhdNJveVe8IouXyFzrCAgtJ0G1        |
|         |   enabled: true                                                |
|         |   name: null                                                   |
|         | - acc_key: fef81edf9cbf754b0G5C                                |
|         |   acc_secrete: ygENV2oBGhaD3qYr5tYqEh4xlFmthvcGWSs6fU3o        |
|         |   enabled: true                                                |
|         |   name: new                                                    |
+---------+----------------------------------------------------------------+
To disable an access key pair for an S3 user
Admin panel
- Open the Storage services > S3 > Users screen, and then select a user.
- On the user right pane, browse the S3 access keys section, click the ellipsis icon next to the key, and then click Disable.
- Click Disable in the confirmation window.
Command-line interface
Use the following command:
vinfra service s3 self-service user keys disable [--domain <domain>] [--user <user>] [--key <key>]
--domain <domain>
- Domain name or ID
--user <user>
- Domain user name or ID
--key <key>
- Access key ID
For example, to disable the access key fef81edf9cbf754b0G5C for the S3 user user1 in the domain domain1, run:
vinfra service s3 self-service user keys disable --domain domain1 --user user1 --key fef81edf9cbf754b0G5C
To enable an access key pair for an S3 user
Admin panel
- Open the Storage services > S3 > Users screen, and then select a user.
- On the user right pane, browse the S3 access keys section, click the ellipsis icon next to the disabled key, and then click Enable.
- Click Enable in the confirmation window.
Command-line interface
Use the following command:
vinfra service s3 self-service user keys enable [--domain <domain>] [--user <user>] [--key <key>]
--domain <domain>
- Domain name or ID
--user <user>
- Domain user name or ID
--key <key>
- Access key ID
For example, to enable the access key fef81edf9cbf754b0G5C for the S3 user user1 in the domain domain1, run:
vinfra service s3 self-service user keys enable --domain domain1 --user user1 --key fef81edf9cbf754b0G5C
To delete an access key pair for an S3 user
Admin panel
- Open the Storage services > S3 > Users screen, and then select a user.
- On the user right pane, browse the S3 access keys section, click the ellipsis icon next to the disabled key, and then click Delete.
- Click Delete in the confirmation window.
Command-line interface
Use the following command:
vinfra service s3 self-service user keys delete [--domain <domain>] [--user <user>] [--access-key <key>]
--domain <domain>
- Domain name or ID
--user <user>
- Domain user name or ID
--access-key <key>
- Access key ID
For example, to delete the access key fef81edf9cbf754b0G5C for the S3 user user1 in the domain domain1, run:
# vinfra service s3 self-service user keys delete --domain domain1 --user user1 --access-key fef81edf9cbf754b0G5C
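The rotation recommended in the introduction, planned under the two-pair limit and the rule that the last pair cannot be deleted, as an added example (not code from the product documentation). It parses user show output in the table layout shown above and prints the vinfra commands in order. The function names, the sample table and the "enabled: false" spelling for a disabled key are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. It prints a plan and never calls vinfra.

# Constructed `user show` excerpt in the page's table layout. Secrets are
# placeholders; "enabled: false" for a disabled key is an assumption.
SAMPLE='| enabled | True                            |
| keys    | - acc_key: fef81edf9cbf754bO22W |
|         |   acc_secrete: <redacted>       |
|         |   enabled: true                 |
|         |   name: null                    |
|         | - acc_key: fef81edf9cbf754b0G5C |
|         |   acc_secrete: <redacted>       |
|         |   enabled: false                |
|         |   name: new                     |'

# list_keys: table on stdin -> one "<access-key-id> <enabled>" line per key.
list_keys() {
  awk -F'|' '
    { v = $3; gsub(/^[ \t]+|[ \t]+$/, "", v) }
    v ~ /^- acc_key:/ { if (id != "") print id, en
                        sub(/^- acc_key:[ \t]*/, "", v); id = v; en = "unknown" }
    v ~ /^enabled:/ && id != "" { sub(/^enabled:[ \t]*/, "", v); en = v }
    END { if (id != "") print id, en }'
}

# plan_rotation <domain> <user> <new-key-name>: table on stdin -> ordered
# commands on stdout. Exits 1 when no safe plan exists. Body is a subshell.
plan_rotation() (
  cmd="vinfra service s3 self-service user keys"
  who="--domain $1 --user $2"
  keys=$(list_keys)
  total=$(printf '%s\n' "$keys" | awk 'NF { n++ } END { print n + 0 }')
  if [ "$total" -eq 0 ]; then echo "no keys parsed" >&2; exit 1; fi
  if [ "$total" -ge 2 ]; then
    # Two-pair limit: free a slot first. Only an already disabled key is
    # dropped automatically, because a deleted key cannot be retrieved.
    spare=$(printf '%s\n' "$keys" | awk '$2 == "false" { print $1; exit }')
    if [ -z "$spare" ]; then echo "two enabled keys: disable one first" >&2; exit 1; fi
    echo "$cmd delete $who --access-key $spare"
    keys=$(printf '%s\n' "$keys" | awk -v k="$spare" '$1 != k')
  fi
  echo "$cmd add $who --name $3"
  # Retire what is left: disable first (reversible), delete once clients
  # are confirmed to work with the new pair.
  printf '%s\n' "$keys" | while read -r id en; do
    if [ "$en" = "true" ]; then echo "$cmd disable $who --key $id"; fi
    echo "$cmd delete $who --access-key $id"
  done
)
```

To plan against a live user, pipe the user show output for that user into plan_rotation and review the printed commands before running them. Note that disable and enable take --key while add and delete take --access-key.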